Support Forum

Hello everyone,I'm deploying 2 VPN configs in EMS to a group of devices, users have no control over Forticlient, I want to force connection to both VPNs automatically once connected to the network.It seems that only one VPN can connect automatically, while the user has to click on connect for the second VPN to come UP. Already enabled Multi VPN Auto connect option in Forticlient EMS but it has no effect (both VPNs are IKE v2)We are using Forticlient EMS 7.4.5 Any idea ? 

I've followed the instructions in https://docs.fortinet.com/document/forticlient/7.2.0/new-features/792170/entra-id-integration-7-2-1 and ended up creating 2 separate Enterprise Applications where one was used to configure the Client Secret (for the Administration > Authentication Server), and the other was used for the SAML URLs (for User Management > SAML Configuration). While this works, and I am able to register FortiClients by authenticating against Entra ID, I wonder if I did it  correctly. Could this have been a single Enterprise Application? Or if not, and they had to be separate, what is the Enterprise Application with the Client Secret used for?And what is the Enterprise Application with the SAML URLs used for? Also what is this?To configure the Azure tenant app for initiating passthrough (domain):Is this an alternative to registering an Entra ID user's endpoint to EMS using SAML (which is my goal)?

I have problems with a policy where I include an application control where I block access to facebook, youtube and others, one of the applications that I allow within the control is whatsapp but it has presented problems since yesterday, the attached files are not They send and the messages are sent several minutes later, the same as when receiving. I have been doing tests and by allowing the known applications the whatsapp starts working correctly, someone could help me know what the problem is if everything was working well until yesterday that I present this inconvenient.   My device is a Fortigate 90D The only categories that I have blocked in the control of applications are: Botnet, Game, P2P, Social.Media, Update, Video/Audio and Unknown applications (now in monitor mode for whatsapp work) The other categories are in monitor mode

 What is difference in kvm image

Hi everybody, Since a few days ago, when scanning with nmap, 2 ports appear as open:PORT    STATE  SERVICE53/tcp  open   domain dnsmasq 2.90113/tcp closed ident853/tcp open   domain-s I run scanning regularly. I do not understand how this could happen. I am trying to close them but no success. I do not use Override authentication. If somebody could help, I would appreciate.Thank you @AEK@mpapisetty 

Hi, I have an issue regarding a Forti 60F on which i tried doing a quick install that wasn't working. I deleted the task but later on, after trying a full Install Wizard, i realized it was blocked due to that one task i deleted (Blocked by session id(xxxx), task(xxxx)).Now that i have deleted the task, i can no longer do any install wizard as long as it is running.I looked up all of fortinet documentation and ran the commands on command line, but all the commands that could delete the task are no longer supported by Fortimanager 7.6.6Is there any other solution to stop the task completely, or recover it ?

Hi all,I currently have the following setup:FortiManager Cloud → FortiGate → FortiLink → FortiSwitchAll configuration is pushed via FortiManager templates.What would be the best practice to safely remove a FortiSwitch from the FortiGate in this scenario? Thanks.

HiI upgraded the 60F from version 7.0.5 to 7.2 three days ago. The system looks very promising but has a problem with a new feature in Log & Report. The "Summary" page in "System Events" and "Security Events" is blank - no data exists (it is not grayed out, only all tables are empty). When I go to the "Details" tab, all logs of individual modules are in place, regardless of whether I choose "FortigateCloud" or "Memory". I have a licensed version of "Standalone FortiGate Cloud account" - 1 year log retention.Can anyone, are there any specific requirements to run this function (maybe Fortianalizer?).Or is it an early version of the system bug?Does it work for someone?Thanx

FortiVPN client is compatible with MacOS Tahoe 26.4? I tried install but getting below error. 

Hello team!!! Some time ago I asked some questions here about FGT-Entra ID synchronization using SAMLNow finally I could make it work with Fortinet Support.Just 1 question about this:When the user will be prompted to enter credentials again? I tried restarting the Client OS and the credentials were not asked, just were asked the first time I tried to navigate. Thanks in advance.Regards,Damián  I just tes 

Hello, in one of our branches we have this FG60F cluster and we have problems. It is a critical one, not more than 20 users but it is a warehouse with antennas and we need 24x7. Some months ago it entered in conserve mode and we dont really know what the people there did, but we had problems to get the HA working again. After that we deactivated IPS, SSL, etc. and some other memory issued configurations but at the end we updated the cluster to 7.4.5 and after that the memory usage in general was much lower. We checked and it was always between 50-55%. This morning it happened again and right now they are using the slave unit (we dont know yet what the guys did). I wanted to check System Events in Forticloud since we removed local logging but I dont see any information there for the master unit. Any suggestions? It seems crazy that we use a cluster and with this conserve mode issue we loose basically both FGs. Thanks! 

Hi Team,I am currently using:-Device: FortiGate 60F-FortiOS Version: 6.4.6 build 1879 (GA)Current AP: FAP-221C (unstable / planning to replace)I would like to know:1. Which FortiAP models are fully compatible with FortiOS 6.4.6?2. Is WiFi 6 AP (like FAP-231F / FAP-234F) supported without issues?3. Will existing FortiAP profiles auto-apply to new AP?Environment:- Medium office- Using FortiGate as wireless controllerAny recommendations for stable AP models would be appreciated.

I am just looking for any insight and tips to focus on that don’t violate anyone’s NDAs. I have some practice exams that I have been spamming on Udemy. I note down anything I have no idea about and do a deep dive on it via YouTube, Google etc. just as much reading as I can to learn about the concept. Practice exams are scoring anywhere between 48-59% so not insanely far off the passing mark but definitely not in a position to sit for this exam (if I want to not lose my money and pass it on the first go). Any advice on GNS3 lab images that helped shore things up for you all or really any resources that helped you all dial in to get to a point where you were ready and passed the exam, please send them my way. Been playing in FortiGates for 6+ years for various outfits and I know I am close to really nailing this thing. There are just a lot of features in these things that I never touch because the customers I am working for aren’t using them. Honestly never really saw a customer use a Fo

Hi, We are running FortiSIEM v5.2.1 with a Collector connected to it. The Collector self-signed SSL Certificate had expired. How do we renew the self-signed certificate for the Collector? I cannot find any forums/documentations how to remediate this issue. 

So we finally pulled out the fortiwifi 40f that's been causing so much grief and replaced it with a consumer router that actually works and before binning the fortiwifi decided to factory reset, upgrade to latest firmware and see if a fortigate device can actually do something useful. First thing I noticed was it's now claiming to be on the 'Latest' update v7.0.12 and furthermore it won't do any firmware updates without a paid subscription (which is odd because it was running without a subscription prior to the resel and was always complaining about needing updates).Now since it is April Fools day I just wanted to clarify I'm not imagining this or misunderstanding something.  Fortigate sells devices chock-full of security holes and withholds the fixes unless you pay in perpetuity for a subscription? Really? Or did the factory reset update to the latest stable version of the 7.0 branch and is merely refusing to update the major version? Which would be slightly more reasonable albei

Anybody doing any multiple ISPs with DHCP-PD for IPv6 and SD-WAN with failover and NATting on the fother PPPoE + DHCP-PD interface?Seems that 7.6.3 don't have NAT66 options (or I'm blind) and the "problem" is that my WAN/ppp interfaces don't have IPv6 IPs assigned from the PPPoE/DHCP and the gateways are the link-local FE80::1 IPsLooking for more/detail information to peruse on the FortiGate 7.6.x to configure... or is there a IPv6 "working group" I could join to assist in test case debugging?

Hello  Hi Community, please I want to know if anyone has integrated misp feeds to Fortigate (I already have feeds for IP and URL from other sources) How can I consume this IOC from misp events.? Thank you! Regards.

Hi,Has Anyone deployed FortiDDoS in prevention mode? We will be switching the DDoS from Detection mode to prevention mode tomorrow. I have generated thresholds multiple times and now thresholds are not getting updated. SPP Profiles for DNS, NTP, ICMP, TCP and HTTP are applied after reviewing the Handbook. I'm seeing some drops in the incoming traffic against DNS data anomaly, DNS UDP Header anomaly, DNS query anomaly, DNS exploit anomaly. Should i uncheck these options in the field and then switch the mode of the DDoS? Any guide on how you guys worked your way toward switching from Detection to Prevention will be helpful.

I'm curious about how much of firewall throuput is consumed when UTM features are enabled. (IPS, AV, App Control, Web Filter) How much of a precentage from total firewall throughput consumes each feature ?  

Good morning, when I try to install the program, it tells me that I must uninstall the current version. But the problem is that there is no program, no folder. I don't know what else to try. I tried with cdm or powershel and nothing worked either.

"Thank you all for your responses.Following up with additional questions:When is FortiOS 8.0 expected to be officially released for FortiGate hardware?Which FortiGate models will be supported?Will this upgrade have any impact on connected FortiSwitch and FortiAP devices? Will they require firmware updates as well?Thanks in advance 

 Hi everyone,I’m having an issue when trying to activate the trial license on a FortiGate VM running on GNS3 (KVM).When I execute the following command:execute vm-licenseand confirm with y, I get this error:Requesting FortiCare Trial license, proxy:(null) curl forticare failed, 28 Failed to request forticare license 28. Failed to download VM license.Additional system information:FortiGate-VM64-KVM # get system status Version: FortiGate-VM64-KVM v7.2.13,build1762,260128 (GA.M) License Status: Invalid VM Resources: 1 CPU/1 allowed, 1992 MB RAM/2048 MB allowedThe VM image used:FFW_VM64_KVM-v7.2.13.M-build1762-FORTINET.out.kvm.zipThis is a fresh deployment on GNS3 using KVM.  

Hello everyone, I would like to know what's the network's behaviour when FortiNAC is down (unrecheable) or doing a firmware upgrade ? Are the users stuck in the isolation VLAN or the behaviour is as if FortiNAC never existed ? Is FNAC 7.2.7 version stable, or should I upgrade to the latest versions 7.6.x ? BR,

Environment DetailsModel: FortiGate-VM (KVM)Firmware Version: 7.2.11Hypervisor: KVM (QEMU/Libvirt)Setup: Standard LAN-to-WAN routingProblem DescriptionI am experiencing a recurring issue where LAN-to-WAN connectivity functions perfectly upon initial configuration but fails consistently following a system reboot.Symptoms include:FortiGuard Disconnect: The dashboard shows a "Time Sync Error" or "Unable to connect to FortiGuard."Traffic Interruption: LAN users lose the ability to route traffic to the WAN.DNS Failures: DNS resolution via FortiGuard or system servers fails.Troubleshooting PerformedVerified basic firewall policies and static routes (all appear correct).Confirmed that the issue specifically triggers after a reboot.Attempted to manually set the time, but the error persists or returns. RegardsSantosh

Hello!I have recently begun to use FortiGate 7.2.13 for a school project and I might need some help.I want to create a policy on the GUI that blocks zip-files but so far I have not managed to get it to block any zip-files I download. I would really appreciate some help in any way for this problem, and if I need to upload more information regarding this please let me know.